<?php
/**
* This files contains the common functions for the permissions
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
*
* A list of all the functions (in no particular order)
* ----------------------------------------------------
* store_permissions($content,$id)
* get_permissions($content,$id)
* limited_or_full($current_permissions)
*/
/**
* This function stores the permissions in the correct table.
* Since Checkboxes are used we do not know which ones are unchecked.
* That's why we first delete them all (for the given user/group/role
* and afterwards we store the checked ones only.
* @param $content are we storing rights for a user, a group or a role (the database depends on it)
* @param $id the id of the user, group or role
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function store_permissions($content, $id)
{
// Which database are we using (depending on the $content parameter)
if($content=='user')
{
$table=Database::get_course_table(TABLE_PERMISSION_USER);
$id_field = user_id;
}
if($content=='group')
{
$table=Database::get_course_table(TABLE_PERMISSION_GROUP);
$id_field = group_id;
}
if($content=='role')
{
$table=Database::get_course_table(TABLE_ROLE_PERMISSION);
$id_field = role_id;
}
// We first delete all the existing permissions for that user/group/role
$sql="DELETE FROM $table WHERE $id_field = '".mysql_real_escape_string($id)."'";
$result=api_sql_query($sql, __FILE__, __LINE__);
// looping through the post values to find the permission (containing the string permission* )
foreach ($_POST as $key => $value)
{
if(strstr($key,"permission*"))
{
list($brol,$tool,$action)=explode("*",$key);
$sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".mysql_real_escape_string($id)."','".mysql_real_escape_string($tool)."','".mysql_real_escape_string($action)."')";
$result=api_sql_query($sql, __FILE__, __LINE__);
}
}
return get_lang('PermissionsStored');
}
/**
* This function stores one permission in the correct table.
* @param $content are we storing rights for a user, a group or a role (the database depends on it)
* @param $action are we granting or revoking a permission?
* @param $id the id of the user, group or role
* @param $tool the tool
* @param $permission the permission the user, group or role has been granted or revoked
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function store_one_permission($content, $action, $id, $tool,$permission)
{
global $rights_full;
// for some reason I don't know, he can't get to the $rights_full array, so commented the following lines out.
// check
//if(!in_array($permission, $rights_full))
//{
// return get_lang('Error');
//}
// Which database are we using (depending on the $content parameter)
if($content=='user')
{
$table=Database::get_course_table(TABLE_PERMISSION_USER);
$id_field = user_id;
}
if($content=='group')
{
$table=Database::get_course_table(TABLE_PERMISSION_GROUP);
$id_field = group_id;
}
if($content=='role')
{
$table=Database::get_course_table(TABLE_ROLE_PERMISSION);
$id_field = role_id;
}
// grating a right
if($action=='grant')
{
$sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".mysql_real_escape_string($id)."','".mysql_real_escape_string($tool)."','".mysql_real_escape_string($permission)."')";
$result=api_sql_query($sql, __FILE__, __LINE__);
if($result)
{
$result_message=get_lang('PermissionGranted');
}
}
if($action=='revoke')
{
$sql="DELETE FROM $table WHERE $id_field = '".mysql_real_escape_string($id)."' AND tool='".mysql_real_escape_string($tool)."' AND action='".mysql_real_escape_string($permission)."'";
$result=api_sql_query($sql, __FILE__, __LINE__);
if($result)
{
$result_message=get_lang('PermissionRevoked');
}
}
return $result_message;
}
/**
* This function retrieves the existing permissions of a user, group or role.
* @param $content are we retrieving the rights of a user, a group or a role (the database depends on it)
* @param $id the id of the user, group or role
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function get_permissions($content, $id)
{
$currentpermissions=array();
// Which database are we using (depending on the $content parameter)
if($content == 'user')
{
$table=Database::get_course_table(TABLE_PERMISSION_USER);
$id_field = user_id;
}
elseif($content == 'group')
{
$table=Database::get_course_table(TABLE_PERMISSION_GROUP);
$id_field = group_id;
}
elseif($content == 'role')
{
$table=Database::get_course_table(TABLE_ROLE_PERMISSION);
$id_field = role_id;
}
elseif($content == 'platform_role')
{
$table=Database::get_main_table(TABLE_ROLE_PERMISSION);
$id_field = role_id;
}
elseif($content == 'task')
{
$table=Database::get_course_table(TABLE_BLOGS_TASKS_PERMISSIONS);
$id_field = task_id;
}
// finding all the permissions. We store this in a multidimensional array
// where the first dimension is the tool.
$sql="
SELECT * FROM " . $table . "
WHERE " . $id_field . "='" . mysql_real_escape_string($id) . "'";
$result = api_sql_query($sql, __FILE__, __LINE__);
while($row = mysql_fetch_array($result))
$currentpermissions[$row['tool']][] = $row['action'];
return $currentpermissions;
}
/**
* the array that contains the current permission a user, group or role has will now be changed depending on
* the Dokeos Config Setting for the permissions (limited [add, edit, delete] or full [view, add, edit, delete, move, visibility]
* @param $content are we retrieving the rights of a user, a group or a role (the database depends on it)
* @param $id the id of the user, group or role
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
* @todo currently there is a setting user_permissions and group_permissions. We should merge this in one config setting.
*/
function limited_or_full($current_permissions)
{
if(api_get_setting('permissions')=='limited')
{
foreach ($current_permissions as $tool=>$tool_rights)
{
// we loop through the possible permissions of a tool and unset the entry if it is view
// if it is visibility or move we have to grant the edit right
foreach ($tool_rights as $key=>$value)
{
if($value=='View')
{
unset($current_permissions[$tool][$key]);
}
if($value=='Visibility' OR $value=='Move')
{
if(!in_array('Edit',$current_permissions[$tool]))
{
$current_permissions[$tool][]='Edit';
}
unset($current_permissions[$tool][$key]);
}
//else
//{
// $current_permissions[$tool][]=$value;
//}
}
}
return $current_permissions;
}
if(api_get_setting('permissions')=='full')
{
return $current_permissions;
}
}
/**
* This function displays a checked or unchecked checkbox. The checkbox will be checked if the
* user, group or role has the permission for the given tool, unchecked if the user, group or role
* does not have the right
* @param $permission_array the array that contains all the permissions of the user, group, role
* @param $tool the tool we want to check a permission for
* @param $permission the permission we want to check for
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function display_checkbox_matrix($permission_array, $tool, $permission, $inherited_permissions=array())
{
$checked="";
if(is_array($permission_array[$tool]) AND in_array($permission,$permission_array[$tool]))
{
$checked="checked";
}
echo "\t\t\t< input type = \"checkbox\" name = \"permission*$tool*$permission\" $ checked > \n";
}
/**
* This function displays a checked or unchecked image. The image will be checked if the
* user, group or role has the permission for the given tool, unchecked if the user, group or role
* does not have the right
* @param $permission_array the array that contains all the permissions of the user, group, role
* @param $tool the tool we want to check a permission for
* @param $permission the permission we want to check for
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function display_image_matrix($permission_array, $tool, $permission,$inherited_permissions=array(), $course_admin=false, $editable=true)
{
if($course_admin==true)
{
echo "\t\t\t< img src = \"../img/checkbox_on3.gif\" border = \"0\"/ title = \"".get_lang('PermissionGrantedByGroupOrRole')."\" > ";
}
else
{
if(in_array($permission,$inherited_permissions[$tool]))
{
echo "\t\t\t< img src = \"../img/checkbox_on3.gif\" border = \"0\"/ title = \"".get_lang('PermissionGrantedByGroupOrRole')."\" > ";
}
else
{
if(is_array($permission_array[$tool]) AND in_array($permission,$permission_array[$tool]))
{
if($editable)
{
$url=api_get_self();
foreach($_GET as $key=>$value)
{
$parameter[$key]=$value;
}
$parameter['action']='revoke';
$parameter['permission']=$permission;
$parameter['tool']=$tool;
foreach ($parameter as $key=>$value)
{
$urlparameters.=$key.'='.$value.'& ';
}
$url=$url.'?'.$urlparameters;
echo "\t\t\t < a href = \"".$url."\" > ";
}
echo "< img src = \"../img/checkbox_on2.gif\" border = \"0\"/ > ";
if($editable)
{
echo "< / a > ";
}
}
else
{
if($editable)
{
$url=api_get_self();
foreach($_GET as $key=>$value)
{
$parameter[$key]=$value;
}
$parameter['action']='grant';
$parameter['permission']=$permission;
$parameter['tool']=$tool;
foreach ($parameter as $key=>$value)
{
$urlparameters.=$key.'='.$value.'& ';
}
$url=$url.'?'.$urlparameters;
//echo "\t\t\t < a href = \"".str_replace('&', ' & amp ; ' , $ _SERVER [ ' REQUEST_URI ' ] ) . " & amp ; action = grant&permission=$permission&tool=$tool\" > ";
echo "\t\t\t < a href = \"".$url."\" > ";
}
echo "< img src = \"../img/wrong.gif\" border = \"0\"/ > ";
if($editable)
{
echo "< / a > ";
}
}
}
}
}
/**
* Slightly modified: Toon Keppens
* This function displays a checked or unchecked image. The image will be checked if the
* user, group or role has the permission for the given tool, unchecked if the user, group or role
* does not have the right
* @param $permission_array the array that contains all the permissions of the user, group, role
* @param $tool the tool we want to check a permission for
* @param $permission the permission we want to check for
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function display_image_matrix_for_blogs($permission_array, $user_id, $tool, $permission,$inherited_permissions=array(), $course_admin=false, $editable=true)
{
if($course_admin==true)
{
echo "\t\t\t< img src = \"../img/checkbox_on3.gif\" border = \"0\"/ title = \"".get_lang('PermissionGrantedByGroupOrRole')."\" > ";
}
else
{
if(in_array($permission,$inherited_permissions[$tool]))
{
echo "\t\t\t< img src = \"../img/checkbox_on3.gif\" border = \"0\"/ title = \"".get_lang('PermissionGrantedByGroupOrRole')."\" > ";
}
else
{
if(is_array($permission_array[$tool]) AND in_array($permission,$permission_array[$tool]))
{
if($editable)
{
$url=api_get_self();
foreach($_GET as $key=>$value)
{
$parameter[$key]=$value;
}
$parameter['action']='manage_rights';
$parameter['do']='revoke';
$parameter['permission']=$permission;
$parameter['tool']=$tool;
$parameter['user_id']=$user_id;
foreach ($parameter as $key=>$value)
{
$urlparameters.=$key.'='.$value.'& ';
}
$url=$url.'?'.$urlparameters;
echo "\t\t\t < a href = \"".$url."\" > ";
}
echo "< img src = \"../img/checkbox_on2.gif\" border = \"0\"/ > ";
if($editable)
{
echo "< / a > ";
}
}
else
{
if($editable)
{
$url=api_get_self();
foreach($_GET as $key=>$value)
{
$parameter[$key]=$value;
}
$parameter['action']='manage_rights';
$parameter['do']='grant';
$parameter['permission']=$permission;
$parameter['tool']=$tool;
$parameter['user_id']=$user_id;
foreach ($parameter as $key=>$value)
{
$urlparameters.=$key.'='.$value.'& ';
}
$url=$url.'?'.$urlparameters;
//echo "\t\t\t < a href = \"".str_replace('&', ' & amp ; ' , $ _SERVER [ ' REQUEST_URI ' ] ) . " & amp ; action = grant&permission=$permission&tool=$tool\" > ";
echo "\t\t\t < a href = \"".$url."\" > ";
}
echo "< img src = \"../img/wrong.gif\" border = \"0\"/ > ";
if($editable)
{
echo "< / a > ";
}
}
}
}
}
/**
* This function displays a list off all the roles of the course (and those defined by the platform admin)
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function display_role_list($current_course_roles, $current_platform_roles)
{
global $setting_visualisation;
$coures_roles_table=Database::get_course_table(TABLE_ROLE);
$platform_roles_table=Database::get_main_table(TABLE_ROLE);
// platform roles
$sql="SELECT * FROM $platform_roles_table";
$result=api_sql_query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{
if(in_array($row['role_id'], $current_platform_roles))
{
$checked='checked';
$image='checkbox_on2.gif';
$action='revoke';
}
else
{
$checked='';
$image='wrong.gif';
$action='grant';
}
if($setting_visualisation=='checkbox')
{
echo "< input type = \"checkbox\" name = \"role*platform*".$row['role_id']."\" $ checked > ";
}
if($setting_visualisation=='image')
{
echo "< a href = \"".str_replace('&', ' & amp ; ' , $ _SERVER [ ' REQUEST_URI ' ] ) . " & amp ; action = $action&role=".$row['role_id']."&scope=platform\" > < img src = \"../img/".$image."\" border = \"0\"/ > < / a > ";
}
echo $row['role_name']."< br / > \n";
echo $row['role_comment']."< br / > \n";
}
// course roles
$sql="SELECT * FROM $coures_roles_table";
$result=api_sql_query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{
if(in_array($row['role_id'], $current_course_roles))
{
$checked='checked';
$image='checkbox_on2.gif';
$action='revoke';
}
else
{
$checked='';
$image='wrong.gif';
$action='grant';
}
if($setting_visualisation=='checkbox')
{
echo "< input type = \"checkbox\" name = \"role*course*".$row['role_id']."\" $ checked > ";
}
if($setting_visualisation=='image')
{
echo "< a href = \"".str_replace('&', ' & amp ; ' , $ _SERVER [ ' REQUEST_URI ' ] ) . " & amp ; action = $action&role=".$row['role_id']."&scope=course\" > < img src = \"../img/".$image."\" border = \"0\"/ > < / a > ";
}
echo $row['role_name']." < a href = \"../permissions/roles.php?role_id=".$row['role_id']."&scope=course\" > < img src = \"../img/edit.gif\" / > < / a > < br / > \n";
echo $row['role_comment']."< br / > \n";
}
}
/**
* This function gets all the current roles of the user or group
* @param $content are we finding the roles for a user or a group (the database depends on it)
* @param $id the id of the user or group
* @return array that contains the name of the roles the user has
* @todo consider having a separate table that contains only an id and a name of the role.
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function get_roles($content,$id, $scope='course')
{
if($content=='user')
{
$table=Database::get_course_table(TABLE_ROLE_USER);
$id_field = user_id;
}
if($content=='group')
{
$table=Database::get_course_table(TABLE_ROLE_GROUP);
$id_field = group_id;
}
$table_role=Database::get_course_table(TABLE_ROLE);
$current_roles=array();
//$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";
$sql="SELECT role_id FROM $table WHERE $id_field = '$id' AND scope='".$scope."'";
$result=api_sql_query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{
$current_roles[]=$row['role_id'];
}
return $current_roles;
}
/**
* This function gets all the current roles of the user or group
* @return array that contains the name of the roles the user has
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function get_all_roles($content='course')
{
if($content=='course')
{
$table_role=Database::get_course_table(TABLE_ROLE);
}
if($content=='platform')
{
$table_role=Database::get_main_table(TABLE_ROLE);
}
$current_roles=array();
$sql="SELECT * FROM $table_role";
$result=api_sql_query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{
$roles[]=$row;
}
return $roles;
}
/**
* This function gets all the roles that are defined
* @param $content are we finding the roles for a user or a group (the database depends on it)
* @param $id the id of the user or group
* @param string Deprecated parameter allowing use of 'platform' scope - the corresponding tables don't exist anymore so the scope is always set to 'course'
* @return array that contains the name of the roles the user has
* @todo consider having a separate table that contains only an id and a name of the role.
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
* @version 1.0
*/
function get_roles_permissions($content,$id, $scope='course')
{
if($content == 'user')
{
$table=Database::get_course_table(TABLE_ROLE_USER);
$id_field = user_id;
}
if($content == 'group')
{
$table = Database::get_course_table(TABLE_ROLE_GROUP);
$id_field = group_id;
}
// course roles or platform roles
$scope = 'course';
if($scope == 'course')
{
$table_role = Database::get_course_table(TABLE_ROLE);
$table_role_permissions = Database::get_course_table(TABLE_ROLE_PERMISSION);
}
if($scope == 'platform')
{
$table_role = Database::get_main_table(TABLE_ROLE);
$table_role_permissions = Database::get_main_table(TABLE_ROLE_PERMISSION);
}
$current_roles = array();
$sql = "
SELECT *
FROM
" . $table . " role_group_user,
" . $table_role . " role,
" . $table_role_permissions . " role_permissions
WHERE
role_group_user.scope = '" . $scope . "' AND
role_group_user." . $id_field . " = '" . $id . "' AND
role_group_user.role_id = role.role_id AND
role.role_id = role_permissions.role_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
while($row=mysql_fetch_array($result))
$current_role_permissions[$row['tool']][]=$row['action'];
return $current_role_permissions;
}
/**
* This function is called when we assign a role to a user or a group
* @param $content are we assigning a role to a group or a user
* @param $action we can grant a role to a group or user or revoke it
* @param $id the user_id of the user or the group_id of the group
* @param $role_id the id of the role we are giving to a user or a group.
* @author Patrick Cool < patrick.cool @ ugent . be > , Ghent University
*/
function assign_role($content, $action, $id, $role_id, $scope='course')
{
// Which database are we using (depending on the $content parameter)
if($content=='user')
{
$table=Database::get_course_table(TABLE_ROLE_USER);
$id_field = user_id;
}
elseif($content=='group')
{
$table=Database::get_course_table(TABLE_ROLE_GROUP);
$id_field = group_id;
}
else
{
return get_lang('Error');
}
// grating a right
if($action=='grant')
{
$sql="INSERT INTO $table (role_id, scope, $id_field) VALUES ('".mysql_real_escape_string($role_id)."','".mysql_real_escape_string($scope)."','".mysql_real_escape_string($id)."')";
$result=api_sql_query($sql, __FILE__, __LINE__);
if($result)
{
$result_message=get_lang('RoleGranted');
}
}
if($action=='revoke')
{
$sql="DELETE FROM $table WHERE $id_field = '".mysql_real_escape_string($id)."' AND role_id='".mysql_real_escape_string($role_id)."'";
$result=api_sql_query($sql, __FILE__, __LINE__);
if($result)
{
$result_message=get_lang('RoleRevoked');
}
}
return $result_message;
}
/**
* This function merges permission arrays. Each permission array has the following structure
* a permission array has a tool contanst as a key and an array as a value. This value array consists of all the permissions that are granted in that tool.
*/
function permission_array_merge($array1, $array2)
{
foreach ($array2 as $tool=>$permissions)
{
foreach ($permissions as $permissionkey=>$permissionvalue)
{
$array1[$tool][]=$permissionvalue;
}
}
return $array1;
}
function my_print_r($array)
{
echo '< pre > ';
print_r($array);
echo '< / pre > ';
}
?>